How to allow PHP loading from one domain?

Question

How to allow PHP loading from one domain?

In the HTML form I wrote, the user can upload the file sent when submitted using ajax. The script is located at exampledomain.com/upload.php.

I want to avoid a situation where someone is going to create their own form with an action pointing to upload.php and start sending out my server using unauthorized files.

Everyone can fill out my HTML form, so login / password for downloading is not an option for me. Is there an effective way to make sure upload.php will only run from an HTML form on my website?

One way to solve this problem is to use sessions, but I'm not sure how well it works with ajax. Any suggestions?

+5

php forms file-upload

flying_tiger Sep 06 '11 at 10:55

source share

5 answers

Matt Gibson · Answer 1 · 2011-09-06T12:34:34+0000

Although Cross-Site Request Forgery is usually classified as an attack on already verified user accounts through another site, the methods used to deal with it will work for you to some extent, although, as you say, your users are not authenticated as such.

, unce ( ) , Jeff Atwood, , POSTing - , nonce, POST, , , , , -, "" - .

, nonce , .. . , , , CAPTCHA s, .

, ( , , CAPTCHA , , ), , CAPTCHA, , . , - , .

(, Ajax - , , Ajax, , - . .)

Your Common Sense · Answer 2 · 2011-09-06T13:03:55+0000

, - , upload.php, .

.

PHP ?

, "", .

, . .

Bogdan Cosmin · Answer 3 · 2011-09-06T11:04:52+0000

- captcha ( recaptcha). , , - ( clrf), $_SERVER [''],

MattP · Answer 4 · 2011-09-06T11:06:50+0000

PHP , , , , , .

upload.php, .

.

arijeet · Answer 5 · 2011-09-06T13:08:12+0000

You can also calculate the size of the file uploaded to Kbytes and attach this integer to the session variable and check this variable on the next landing page after logging in!

How to allow PHP loading from one domain?

More articles: